1795259 – aspell: encoding set to ucs-2 or ucs-4 for a string ending with a single '\0' byte leads to a buffer over-read

Bug 1795259 - aspell: encoding set to ucs-2 or ucs-4 for a string ending with a single '\0' byte leads to a buffer over-read

Summary: aspell: encoding set to ucs-2 or ucs-4 for a string ending with a single '\0'...

Keywords:
Status:	CLOSED DUPLICATE of bug 1764299
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1795260
TreeView+	depends on / blocked

Reported:	2020-01-27 14:53 UTC by Marian Rehak
Modified:	2020-07-16 07:24 UTC (History)
CC List:	3 users (show)
Fixed In Version:	aspell 0.60.8
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-02-06 12:39:52 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2020-01-27 14:53:52 UTC

libaspell.a in GNU Aspell 0.60 through 0.60.7 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.

Upstream reference:

http://aspell.net/buffer-overread-ucs.txt

Comment 2 Stefan Cornelius 2020-02-06 12:39:52 UTC


*** This bug has been marked as a duplicate of bug 1764299 ***

Note You need to log in before you can comment on or make changes to this bug.